
How Juniper Identity Management Service Works with SRX Series Devices and CSO

 

Figure 1 shows how Juniper Identity Management Service works with SRX Series devices and Contrail Service Orchestration (CSO) in your network.

Figure 1: Juniper Identity Management Service Workflow

Step 1. Juniper Identity Management Service communicates with Microsoft Domain Controllers or Exchange Servers in Active Directory domains to collect event log information. Using the event log information, the service determines the IP addresses of Active Directory and Exchange users and abstracts IP address-to-username mapping information.

Step 2. Juniper Identity Management Service communicates with Active Directories to identify the groups to which users belong and abstracts username-to-group mapping information.

Step 3. After Juniper Identity Management Service has the IP address, username, and group relationship information stored in its cache, it generates a report and sends it to the SRX Series devices.

    Juniper Identity Management Service working with CSO is supported in JIMS Release 1.1.

    If your network deployment includes CSO, Juniper Identity Management Service updates CSO with a list of reports to be communicated. Juniper Identity Management Service maintains a separate list for each report type: Domains, Groups, Users, and Devices.

Step 4. Each SRX Series device receives the IP address, username, and user group relationship information and generates authentication entries that are used to enforce user-based and group-based security policy control over access to protected corporate resources and the Internet.